Lenovo Patches Serious Vulnerabilities In PC System Update Tool

itwbennett writes: "For the third time in less than six months security issues have forced Lenovo to update one of the tools preloaded on its PCs," writes Lucian Constantin. Last week, the company released version 5.07.0019 of Lenovo System Update, a tool that helps users keep their computers' drivers and BIOS up to date and which was previously called ThinkVantage System Update. The new version fixes two local privilege escalation vulnerabilities discovered by researchers from security firm IOActive.

Enough with the proprietary ...

[gstoddart]

Time and time again these companies roll their own version of something, and time and time again it proves to be a failure.

Let the OS maker build the tools to manage the OS, this way when that is found to be defective we all get the same update.

This is one of the reasons I utterly hate OEM installs, because they put so much extra garbage on the machine as to render it almost useless.

My mother-in-law's laptop needed to have about a dozen or so "helpers" (ie shitware) disabled to make the machine usable, otherwise it was spending most of its time trying to see if it could be helpful and perform tasks which were already done.

Make a good quality laptop, and sell it to us. Make sure to write drivers for your stuff, and if you can't do that use someone's stuff which does have drivers.

And then leave the rest of the damned OS alone.

Just because someone in marketing wants to brand the experience and differentiate the product doesn't mean you're actually capable of delivering on this.

As often as not these "helpful" tools cause more problems than they could ever hope to fix.

Re:We patched your patch

[Teckla]

The real problem, in my opinion, is that most companies simply don't take software development seriously.

Companies want software done cheap and fast, and the result is entirely predictable: buggy, unstable, insecure software.